[Webkit-unassigned] [Bug 167673] New: WebProcess crashes in int WTF::__throw_bad_variant_access<int> when expanding/shrinking a block selection

bugzilla-daemon at webkit.org
Tue Jan 31 15:49:11 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=167673

            Bug ID: 167673
           Summary: WebProcess crashes in int
                    WTF::__throw_bad_variant_access<int> when
                    expanding/shrinking a block selection
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: enrica at apple.com

There are no reproducible steps for this crash, but the crash log indicates that it occurs when expanding/shrinking a block selection on iOS in Safari.

Here is the stack trace of the crash:

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebKit                            0x00000001935ac708 int WTF::__throw_bad_variant_access<int>(char const*) + 36 (Variant.h:120)
1   WebKit                            0x00000001935ac708 int WTF::__throw_bad_variant_access<int>(char const*) + 36 (Variant.h:120)
2   WebKit                            0x000000019359fd88 WebKit::containsRange(WebCore::Range*, WebCore::Range*) + 324 (Variant.h:1808)
3   WebKit                            0x000000019359f708 WebKit::WebPage::expandedRangeFromHandle(WebCore::Range*, WebKit::SelectionHandlePosition) + 560 (WebPageIOS.mm:1339)
4   WebKit                            0x00000001935a0478 WebKit::WebPage::computeExpandAndShrinkThresholdsForHandle(WebCore::IntPoint const&, WebKit::SelectionHandlePosition, float&, float&) + 136 (WebPageIOS.mm:1526)
5   WebKit                            0x00000001935a0ff0 WebKit::WebPage::updateSelectionWithTouches(WebCore::IntPoint const&, unsigned int, bool, unsigned long long) + 756 (WebPageIOS.mm:1744)
6   WebKit                            0x00000001935b2b6c void IPC::handleMessage<Messages::WebPage::UpdateSelectionWithTouches, WebKit::WebPage, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, bool, unsigned long long)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, bool, unsigned long long)) + 76 (HandleMessage.h:46)
7   WebKit                            0x0000000193482828 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 120 (MessageReceiverMap.cpp:123)
8   WebKit                            0x0000000193611d8c WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 36 (WebProcess.cpp:638)
9   WebKit                            0x0000000193448918 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 164 (Connection.cpp:897)
10  WebKit                            0x000000019344b104 IPC::Connection::dispatchOneMessage() + 232 (Connection.cpp:955)
11  JavaScriptCore                    0x000000018e358c24 WTF::RunLoop::performWork() + 172 (Function.h:50)
12  JavaScriptCore                    0x000000018e358efc WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)

rdar://problem/30229620
